-
-
-
Deploy Citrix ingress controller with OpenShift router sharding support
-
Deploy Citrix ADC CPX as an Ingress in Azure Kubernetes Engine
-
Deploy Citrix ingress controller in an Azure Kubernetes Service cluster with Citrix ADC VPX
-
Deploy Citrix ADC CPX as an Ingress in Google Cloud Platform
-
Deploy Citrix ingress controller for Citrix ADC with admin partitions
-
-
SSL certificate for services of type LoadBalancer through the Kubernetes secret resource
-
BGP advertisement for type LoadBalancer services and Ingresses using Citrix ADC CPX
-
Citrix ADC CPX integration with MetalLB in layer 2 mode for on-premises Kubernetes clusters
-
Advanced content routing for Kubernetes Ingress using the HTTPRoute CRD
-
IP address management using the Citrix IPAM controller for Ingress resources
-
-
TLS server authentication in Citrix ADC
-
Install, link, and update certificates on Citrix ADC using the Citrix ingress controller
-
Introduction to automated certificate management with cert-manager
Thank you for the feedback
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
TLS server authentication support in Citrix ADC using the Citrix ingress controller
Server authentication allows a client to verify the authenticity of the web server that it is accessing. Usually, the Citrix ADC device performs SSL offload and acceleration on behalf of a web server and does not authenticate the certificate of the Web server. However, you can authenticate the server in deployments that require end-to-end SSL encryption.
In such a situation, the Citrix ADC device becomes the SSL client and performs the following:
- carries out a secure transaction with the SSL server
- verifies that a CA whose certificate is bound to the SSL service has signed the server certificate
- checks the validity of the server certificate.
To authenticate the server, you must first enable server authentication and then bind the certificate of the CA that signed the certificate of the server to the SSL service on the Citrix ADC appliance. When you bind the certificate, you must specify the bind as a CA option.
Configuring TLS server authentication
Perform the following steps to configure TLS server authentication.
-
Enable the TLS support in Citrix ADC.
The Citrix ingress controller uses the TLS section in the Ingress definition as an enabler for TLS support with Citrix ADC. The following is a sample snippet of the Ingress definition:
spec: tls: - secretName: -
To generate a Kubernetes secret for an existing certificate, perform the following.
-
Generate a client certificate to be used with the service.
kubectl create secret tls tea-beverage --cert=path/to/tls.cert --key=path/to/tls.key --namespace=default -
Generate a secret for an existing CA certificate. This certificate is required to sign the back end server certificate.
kubectl create secret generic tea-ca --from-file=tls.crt=cacerts.pem
Note:
You must specify
tls.crt=while creating a secret. This file is used by the Citrix ingress controller while parsing a CA secret. -
-
Enable secure back end communication to the service using the following annotation in the Ingress configuration.
ingress.citrix.com/secure-backend: "True" -
Use the following annotation to bind the certificate to SSL service. This certificate is used when the Citrix ADC acts as a client to send the request to the back end server.
ingress.citrix.com/backend-secret: '{"tea-beverage": "tea-beverage", "coffee-beverage": "coffee-beverage"}' -
To enable server authentication which authenticates the back end server certificate, you can use the following annotation. This configuration binds the CA certificate of the server to the SSL service on the Citrix ADC.
ingress.citrix.com/backend-ca-secret: '{"coffee-beverage":"coffee-ca", "tea-beverage":"tea-ca"}
Thank you for the feedback
Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select Do Not Agree to exit.